
When quarantining two or more malware files with the same name, they appear as one malware

Open AlkindiX opened this issue 8 years ago • 3 comments

I scanned a directory containing two malware files with the same name, as shown in the history

ClamTk, v5.20
Tue Dec 15 16:55:27 2015
ClamAV Signatures: 4158549
Directories Scanned:
/home/mohammed/Downloads
/home/mohammed/GitHub/LOIC/bin/Debug
/home/mohammed/GitHub/LOIC/obj/Debug

Found 2 possible threats (28972 files scanned).

/home/mohammed/GitHub/LOIC/obj/Debug/LOIC.exe      HackTool.DDOS.LOIC-2     
/home/mohammed/GitHub/LOIC/bin/Debug/LOIC.exe      HackTool.DDOS.LOIC-2     

The problem is that the two LOIC.exe files had been stored as one file in the program's quarantine

I am using ClamTk on Ubuntu 15.10 Wily amd64

AlkindiX avatar Dec 15 '15 13:12 AlkindiX

Hi,

Please open a terminal window and type the following:

cat ~/.clamtk/restore

Mine looks like this:

$ cat .clamtk/restore
06f2c2aade7582da82a9b7469eca506d11858dfa10b2491f6fab88a13f33f8ec:/home/dave/test/CVE-2015-1641.gz:664
3ba2e5b32124c208bc1d10e4ea6685b243d98298e0594f93fad6e36b70fa35e9:/home/dave/test/pkg.7z:664

Let's see how they're getting stored for either removal or putting them back.

Respectfully, Dave M

dave-theunsub avatar Dec 15 '15 13:12 dave-theunsub

d15e75ae123cfd0d932f972c747b6169d13f6314c499eb15670f6144cca0c0a1:/home/mohammed/GitHub/LOIC/obj/Debug/LOIC.exe:775

AlkindiX avatar Dec 15 '15 13:12 AlkindiX

I think both of them, at

/home/mohammed/GitHub/LOIC/obj/Debug/LOIC.exe      HackTool.DDOS.LOIC-2     
/home/mohammed/GitHub/LOIC/bin/Debug/LOIC.exe      HackTool.DDOS.LOIC-2  

have the same data, I mean the same hash name. I think it would be better if you generated random characters, to quarantine multiple files with the same hash in the quarantine.

AlkindiX avatar Dec 15 '15 13:12 AlkindiX
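The collision described in this thread, reproduced as an added example (not ClamTk's own code; ClamTk is written in Perl, this is a stand-alone Python model). The only thing taken from the page is the manifest line format `<sha256>:<original path>:<octal mode>` seen in `~/.clamtk/restore`; the two quarantine functions, the directory layout and the sample payload are assumptions constructed for the demonstration. `quarantine_by_hash` names the quarantined copy by content hash alone, so two byte-identical `LOIC.exe` files land on one name and the second move overwrites the first; `quarantine_unique` appends a random suffix, as the last comment suggests, so each file keeps its own quarantined copy and its own manifest line.

```python
import hashlib
import os
import secrets
import shutil
import tempfile

# Manifest line format taken from the page: <sha256>:<original path>:<octal mode>.
# Everything else is an illustrative model of a quarantine store, not ClamTk's code.


def sha256_of(path):
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def _mode_of(path):
    return oct(os.stat(path).st_mode & 0o777)[2:]


def quarantine_by_hash(path, qdir, manifest):
    """Naive scheme: the quarantined copy is named by content hash only.
    Byte-identical files collide on one name; the second move overwrites the first."""
    digest = sha256_of(path)
    mode = _mode_of(path)
    dest = os.path.join(qdir, digest)
    shutil.move(path, dest)  # os.rename semantics on POSIX: silently replaces dest
    with open(manifest, "a") as m:
        m.write(f"{digest}:{path}:{mode}\n")
    return digest


def quarantine_unique(path, qdir, manifest):
    """Fixed scheme: content hash plus a random suffix, so identical files
    get distinct quarantined copies and distinct manifest entries."""
    digest = sha256_of(path)
    mode = _mode_of(path)
    while True:
        name = f"{digest}-{secrets.token_hex(4)}"
        dest = os.path.join(qdir, name)
        if not os.path.exists(dest):  # retry on the (unlikely) suffix collision
            break
    shutil.move(path, dest)
    with open(manifest, "a") as m:
        m.write(f"{name}:{path}:{mode}\n")
    return name


def read_manifest(manifest):
    """Parse manifest lines into (quarantine name, original path, mode).
    The name never contains ':', the path might, so split from both ends."""
    entries = []
    with open(manifest) as m:
        for line in m:
            line = line.rstrip("\n")
            if not line:
                continue
            name, rest = line.split(":", 1)
            path, mode = rest.rsplit(":", 1)
            entries.append((name, path, mode))
    return entries


def demo(scheme):
    """Quarantine two identical LOIC.exe files with the given scheme.
    Returns (files actually stored in quarantine, manifest entries)."""
    work = tempfile.mkdtemp()
    try:
        qdir = os.path.join(work, "viruses")
        os.makedirs(qdir)
        manifest = os.path.join(work, "restore")
        payload = b"constructed sample: identical bytes under two paths\n"  # not real malware
        paths = []
        for sub in ("obj/Debug", "bin/Debug"):  # mirrors the paths in the scan report
            d = os.path.join(work, "LOIC", sub)
            os.makedirs(d)
            p = os.path.join(d, "LOIC.exe")
            with open(p, "wb") as f:
                f.write(payload)
            os.chmod(p, 0o775)
            paths.append(p)
        for p in paths:
            scheme(p, qdir, manifest)
        stored = len(os.listdir(qdir))
        entries = len(read_manifest(manifest))
        return stored, entries
    finally:
        shutil.rmtree(work)


if __name__ == "__main__":
    print("hash-only name:", demo(quarantine_by_hash))   # one stored copy for two entries
    print("hash+random:   ", demo(quarantine_unique))    # two stored copies, two entries
```

With the hash-only scheme the manifest can still list both paths, but only one quarantined file exists to restore or delete, so restoring one entry leaves the other dangling. Any per-file unique component (a random suffix as here, or a hash over content plus original path) removes the ambiguity.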